Improve scrubbing of sensitive identifiers

author AsamK <asamk@gmx.de>

Wed, 31 Jan 2024 19:33:01 +0000 (20:33 +0100)

committer AsamK <asamk@gmx.de>

Wed, 31 Jan 2024 19:33:01 +0000 (20:33 +0100)
author AsamK <asamk@gmx.de>
Wed, 31 Jan 2024 19:33:01 +0000 (20:33 +0100)
committer AsamK <asamk@gmx.de>
Wed, 31 Jan 2024 19:33:01 +0000 (20:33 +0100)
diff --git a/man/signal-cli.1.adoc b/man/signal-cli.1.adoc

index 33f99a6fbfc35be0ac20be93487a4e857dda41f2..110f80210946a91c50da00c23d73b51efa29b4d3 100644 (file)
--- a/man/signal-cli.1.adoc
+++ b/man/signal-cli.1.adoc
@@ -44,6 +44,7 @@ If `--verbose` is also given, the detailed logs will only be written to the log
  
  *--scrub-log*::
  Scrub possibly sensitive information from the log, like phone numbers and UUIDs.
+Doesn't work reliably on dbus logs with very verbose logging (`-vvv`)
  
  *--config* CONFIG::
  Set the path, where to store the config.
diff --git a/src/main/java/org/asamk/signal/logging/LogConfigurator.java b/src/main/java/org/asamk/signal/logging/LogConfigurator.java

index 825495df4d9f04d96280a1f7613462735907309e..65e8c4f5c85d0ecb26e0c61fc3b83864e1392027 100644 (file)
--- a/src/main/java/org/asamk/signal/logging/LogConfigurator.java
+++ b/src/main/java/org/asamk/signal/logging/LogConfigurator.java
@@ -52,6 +52,8 @@ public class LogConfigurator extends ContextAwareBase implements Configurator {
          rootLogger.addAppender(consoleAppender);
  
          lc.getLogger("org.asamk").setLevel(verboseLevel > 1 ? Level.ALL : verboseLevel > 0 ? Level.DEBUG : Level.INFO);
+        lc.getLogger("org.asamk.Signal")
+                .setLevel(verboseLevel > 2 ? Level.ALL : verboseLevel > 1 ? Level.INFO : Level.WARN);
          lc.getLogger("com.zaxxer.hikari.pool.PoolBase")
                  .setLevel(verboseLevel > 2 ? Level.ALL : verboseLevel > 1 ? Level.INFO : Level.WARN);
          lc.getLogger("org.sqlite.core.NativeDB")
diff --git a/src/main/java/org/asamk/signal/logging/Scrubber.java b/src/main/java/org/asamk/signal/logging/Scrubber.java

index c1d66893956417ee5fd4466c0e0f0c83ef9a4f96..6078c6ba5a8696cffb44415b7aa8b0004f55e8d9 100644 (file)
--- a/src/main/java/org/asamk/signal/logging/Scrubber.java
+++ b/src/main/java/org/asamk/signal/logging/Scrubber.java
@@ -37,9 +37,17 @@ public final class Scrubber {
       * Supposedly, the shortest international phone numbers in use contain seven digits.
       * Handles URL encoded +, %2B
       */
-    private static final Pattern E164_PATTERN = Pattern.compile("(\\+|%2B|/org/asamk/Signal/_)(\\d{5,13})(\\d{2})");
+    private static final Pattern E164_PATTERN = Pattern.compile("(\\+|%2B|_)(\\d{5,13})(\\d{2})");
      private static final String E164_CENSOR = "*************";
  
+    private static final Pattern GROUP_V1_ID_PATTERN = Pattern.compile(
+            "(/org/asamk/Signal/.*Groups/[a-zA-Z0-9/_+-]{2}|[a-zA-Z0-9/_+-]{2})([a-zA-Z0-9/_+-]{18})([a-zA-Z0-9/_+-]{2})(==|__)");
+    private static final String GROUP_V1_ID_CENSOR = "*".repeat(18);
+
+    private static final Pattern GROUP_V2_ID_PATTERN = Pattern.compile(
+            "(/org/asamk/Signal/.*Groups/[a-zA-Z0-9/_+-]{2}|[a-zA-Z0-9/_+-]{2})([a-zA-Z0-9/_+-]{39})([a-zA-Z0-9/_+-]{2})([=_])");
+    private static final String GROUP_V2_ID_CENSOR = "*".repeat(39);
+
      /**
       * The second group will be censored.
       */
@@ -172,9 +180,11 @@ public final class Scrubber {
  
      public static CharSequence scrub(CharSequence in) {
  
+        in = scrubUuids(in);
          in = scrubE164(in);
          in = scrubEmail(in);
-        in = scrubUuids(in);
+        in = scrubGroupV2Ids(in);
+        in = scrubGroupV1Ids(in);
          in = scrubDomains(in);
          in = scrubIpv4(in);
  
@@ -189,6 +199,22 @@ public final class Scrubber {
                          .append(matcher.group(3)));
      }
  
+    private static CharSequence scrubGroupV1Ids(CharSequence in) {
+        return scrub(in,
+                GROUP_V1_ID_PATTERN,
+                (matcher, output) -> output.append(matcher.group(1))
+                        .append(GROUP_V1_ID_CENSOR, 0, matcher.group(2).length())
+                        .append(matcher.group(3)));
+    }
+
+    private static CharSequence scrubGroupV2Ids(CharSequence in) {
+        return scrub(in,
+                GROUP_V2_ID_PATTERN,
+                (matcher, output) -> output.append(matcher.group(1))
+                        .append(GROUP_V2_ID_CENSOR, 0, matcher.group(2).length())
+                        .append(matcher.group(3)));
+    }
+
      private static CharSequence scrubEmail(CharSequence in) {
          return scrub(in,
                  CRUDE_EMAIL_PATTERN,
author	AsamK <asamk@gmx.de>
	Wed, 31 Jan 2024 19:33:01 +0000 (20:33 +0100)
committer	AsamK <asamk@gmx.de>
	Wed, 31 Jan 2024 19:33:01 +0000 (20:33 +0100)
man/signal-cli.1.adoc		patch \| blob \| blame \| history
src/main/java/org/asamk/signal/logging/LogConfigurator.java		patch \| blob \| blame \| history
src/main/java/org/asamk/signal/logging/Scrubber.java		patch \| blob \| blame \| history